A HTTPS content filtering solution is an Internet filter with SSL inspection. Its purpose is to inspect the content of “encrypted transport mechanisms” in order to detect any harmful or malicious code that may be masked by encryption and to identify potential breaches of acceptable use policies.
The reason for advising companies to implement a HTTPS content filtering solution is that, without one, most defenses against web-borne threats are inadequate. An Internet filter unable to read the content of an encrypted conversation will not be as effective in identifying threats to your online security.
The Increase in Encrypted Websites is Driven by Google
Encrypted websites were originally developed to facilitate secure transactions such as online banking. However, in 2014, Google announced that websites with SSL certificates would be elevated in search engine results pages. This resulted in many website owners encrypting their content for SEO purposes.
It also resulted in many different certification authorities partnering up with web performance and online security companies to offer Domain Validation SSL certificates for free. Without the same level of scrutiny in place as before, cybercriminals set up fake phishing websites, obtained SSL certificates, and executed their online attacks without the risk of being identified by a “standard” Internet filter.
The issue is expected to get worse in 2017 due to Google´s plans to mark any website without SSL certification as “Not Secure” in search engine results pages and in the URL address bar. Effectively, genuine websites will likely lose traffic because of not having an SSL certificate, while scammers and cybercriminals will continue to use free Domain Validation services.
How a Solution to Filter HTTPS Traffic Works
A solution to filter HTTPS traffic works by inspecting every request to visit a website against a series of filters. The first of these filters is a blacklist of websites known to harbor malware and viruses, and those that hide their true identities behind a proxy server. If the website appears on the blacklist, the request to visit the website is denied and the user receives a message informing them why.
The second filtering mechanism in the series is a category filter. The category filter is configured by a system administrator to deny access to certain types of website considered unsuitable (pornography, gambling, online shopping, file sharing sites, etc.). This filter has SSL inspection to de-encrypt the content of any requested website, inspect it, and then re-encrypt it before allowing access.
Keyword filters can be used to block access to websites by name or by specific words. They can prevent users downloading file types most commonly associated with malware or using specific applications. Many mobile and desktop applications can be exploited by hackers to deliver malware payloads via encrypted web pages. These threats would not be detected by a filtering solution lacking SSL inspection.
Protecting Your Network against Ransomware
Ransomware attacks often owe their success to the weakest link in an organization´s defenses – their employees. Employees are duped into visiting an infected website, either by clicking on a link in a phishing email or by revealing login credentials on a fake website. One of the ways to prevent this from occurring is to implement an HTTPS content filtering solution that has SURBL filters.
In a similar way to which blacklists compare requests to visit websites against a list of websites known to harbor malware, SURBL filters compare requests to visit websites against list of IP addresses from which spam emails have originated – these IP addresses also being the most likely source of a phishing email.
SURBL filters cannot stop Business Email Compromise (BEC) attacks when an internal email account has already been compromised, but they can prevent users visiting fake phishing websites. Research has shown that more than 90% of phishing emails have the purpose of deploying ransomware as this is the easiest form of malware to monetize. An HTTPS content filtering solution reduces the chance of a ransomware attack being successful.
- In 2017, reported ransomware attacks increased 62% year-on-year.
- Some businesses experienced more than twenty attacks within the year.
- The cost of recovering from a ransomware attack is often higher than the ransom
- There is a 50% likelihood the business will suffer a loss of productivity.
- There is a one-in-five likelihood of corporate revenue loss during a temporary closure.
- One-in-five small businesses shut down permanently after a ransomware attack.
Further Benefits of a HTTPS Content Filtering Solution
The further benefits of a HTTPS content filtering solution will vary according to the nature of a company´s business. An Internet filter with SSL inspection can be implemented in an office-based environment to prevent productivity-sapping activities, block access to websites containing material offensive to other employees, and anonymizer sites used to circumnavigate filter settings.
For a company in the services industry – particularly a company that offers a Wi-Fi service to customers – a solution to filter HTTPS traffic can help protect customers´ devices from malware, block access to websites containing material offensive to other customers, and prevent customers from using P2P file sharing applications that could result in a civil penalty for facilitating copyright infringement.
Schools, libraries and colleges can also benefit from implementing an Internet filter with SSL inspection – especially those applying for E-rate discounts under CIPA or Library Service and Technology Act grants. Only an HTTPS content filtering solution with SSL inspection can be relied upon to protect children from exposure to adult material, and protect the devices used in the educational facility from malware.
SpamTitan´s Internet Filter with SSL Inspection
SpamTitan´s Internet filter with SSL inspection is called “WebTitan”. WebTitan has SURBL filtering to prevent access to phishing websites and provides a robust defense against other web-borne threats. Simple to implement, configure and manage, our HTTPS content filter also comes in several deployment options:
WebTitan Cloud
WebTitan Cloud is a DNS-based Internet filter with SSL inspection that only requires the realignment of a company´s DNS to implement. WebTitan Cloud is managed via a web-based portal that can be accessed from any device with an Internet service.
WebTitan Cloud for WiFi
WebTitan Cloud for WiFi is a HTTPS content filtering solution for companies operating a wireless network service. With no limit on the number of users that can connect to the filter, this WebTitan solution to filter HTTPS traffic provides filtered Internet access with imperceptible latency to all devices.
Features of SpamTitan´s HTTPS Content Filtering Solution
Whichever HTTPS content filtering solution is most suitable for your company, there are shared features throughout the deployment options that optimize the effectiveness of each solution and releases your IT department to focus on business-critical issues.
Automatic Updates
The software driving the filters is automatically updated by SpamTitan. This includes new websites found to be harboring malware and the categorization of new websites to ensure our solution for filtering HTTPS traffic is constantly up to date.
Email Alerts and Automated Report Scheduling
Our Internet filter with SSL inspection can be configured to send email alerts whenever attempts are made to access prohibited websites or circumnavigate the filter parameters. Automated reports can also be scheduled to assist with the enforcement of acceptable use policies.
Integration with Backend Management Tools
If your company takes advantage of backend management tools such as Active Directory, LDAP or NetIQ, each solution to filter HTTPS traffic can be integrated with directory services and other management tools using our straightforward APIs.
Simple Acceptable Use Policy Changes
Changes to acceptable use policies can be actioned by individual user, groups of users, departments or throughout a whole company via the intuitive web-based portal. The process requires no advanced technical knowledge and can be completed within minutes.
Time-Based Filter Controls
For companies that want to restrict Internet access during certain times of the day, and then relax the restrictions thereafter, our HTTPS content filtering solution has time-based filter controls that can be applied by user, user-group, department or universally.
Multi-Lingual Filtering
Multi-lingual filtering ensures that threats from overseas, and undesirable material in foreign languages do not bypass our solution to filter HTTPS traffic. All websites, regardless of their language, are filtered by our HTTPS content filtering solution.
White Label Products for MSPs and Resellers
All three WebTitan deployment options are available in white label format for MSPs and resellers, providing the opportunity for companies in this industry sector to market our HTTPS content filtering solution as their own and offer it as an additional service or stand-alone product.
Industry-Leading Technical and Customer Support
Our HTTPS web content filtering solution has been designed to be effective and easy to manage. However, if you ever experience an issue with any SpamTitan solution to filter HTTPS traffic, our industry-leading technical and customer support will always be on hand to help you.
HTTPS Content Filtering Solution Pricing
There are three different factors that influence SpamTitan´s HTTPS content filtering solution pricing – which solution to filter HTTPS traffic is most appropriate for your requirements, how many users you want the filter to support, and the period you subscribe in advance to our service. Monthly payment options are also available for companies and organizations with a restricted budget.
Before asking you to decide which solution for filtering HTTPS traffic is most appropriate for your requirements – or which HTTPS web content filtering solution pricing option you would prefer – we invite companies of all sizes to evaluate WebTitan free days, with no contracts to sign, no credit card required and no commitment from you to continue using our service once the trial period is over.
Do not hesitate to contact us about this free offer and for help in determining which the most appropriate WebTitan solution is for your specific needs.
FAQ
Does an HTTPS content filter solution also filter HTTP traffic?
Yes. Every request to visit a website goes through our filtering solution to ensure the request complies with the organization´s Internet policies. HTTPS inspection is one of the final processes a request goes through after the destination website has been checked against URIBL and SURBL blacklists, and the nature of the website compared against category and keyword filters.
How many category and keyword filters are there?
HTTPS content filtering solutions constantly evolve to address new threats. At present we offer a choice of fifty-three pre-configured category filters and six customizable category filters. You can apply an unlimited number of keyword filters, and the option also exist to block content by “keyword score” - i.e. the website is blocked only when a keyword appears multiple times.
Is it possible to block some websites in a category, but not others?
Because the Internet is so vast, the easiest - and safest - way to address this issue is to block a category in its entirety and then whitelist the websites you want to allow access to. A policy of this nature can be universal, or specific to an individual or department. For example, you make want to allow the marketing department access to some social media websites, but block the category to everyone else.
Do I get an email every time somebody attempts to access a blocked site?
It depends how you configure the management console. Most organizations prefer to schedule periodic reports that provide information such as which requests were blocked, when were they blocked, why were they blocked, and who was blocked. If you prefer to receive an email every time a request is blocked - or every time a certain type of request is blocked - this option also exists.
When I might need time-based filter controls?
Research has shown that over-restricting website access can be responsible for a lack of productivity and that it can be beneficial to give employees a little online downtime. Consequently you could apply time-based access controls between 9.00 a.m. and 12.00 noon, and then again between 2.00 p.m. and 5.00 p.m., so employees can check emails, social media, etc., periodically.
